An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules
References
Link | Resource |
---|---|
http://www.iwantacve.cn/index.php/archives/116/ | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules |
Information
Published : 2019-02-23 18:29
Updated : 2024-08-04 22:15
NVD link : CVE-2019-9042
Mitre link : CVE-2019-9042
CVE.ORG link : CVE-2019-9042
JSON object : View
Products Affected
sitemagic
- sitemagic_cms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type